
Microsoft Security Response Center
Threat Intelligence- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Microsoft Security Response Center (MSRC) connector integrates with the MSRC Common Vulnerability Reporting Framework (CVRF) API to synchronize Microsoft security update guide data into the Brinqa platform. Each monthly security-update release ("bulletin") is expanded into the products it affects and the individual security updates (vulnerabilities) it addresses.
The connector synchronizes the following categories of data:
- Products — Microsoft products and platforms referenced by a security update release
- Security Bulletins — Monthly security-update releases, mapped to security advisories
- Security Updates — Individual vulnerabilities (CVEs) addressed by a release, with CVSS scoring, remediation, and KB article references
Category: Threat Intelligence
Data retrieved from Microsoft Security Response Center
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Product | Yes | Product |
| Security Bulletin | Yes | Security Advisory |
| Security Update | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from Microsoft Security Response Center in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Microsoft Security Response Center from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API url | Yes | https://api.msrc.microsoft.com | MSRC API url |
| API version | No | current year (e.g. 2026) | MSRC API version. |
Authentication
The MSRC CVRF API is a public, unauthenticated REST API — no API key, token, or credentials are required. The connector sends Accept: application/json on every request and does not add an authorization header.
Endpoint
| Method | URL |
|---|---|
GET | {url}/updates |
Usage
All requests carry a standard Accept header; no credentials are attached:
Accept: application/json
Sync Behavior
The connector supports both full and incremental (delta) syncs across all models. The MSRC CVRF API does not offer a server-side time filter, so the /updates release list is always retrieved in full and filtering is applied client-side:
- Incremental (delta) sync — When a sync-since timestamp is provided, only releases whose
CurrentReleaseDate >= sinceare processed; releases older than the timestamp are skipped before their CVRF documents are fetched. - Full sync — When no sync-since timestamp is set, every release is processed.
Because Products, Security Bulletins, and Security Updates are all derived from the same release/CVRF documents, this release-level filter governs the sync behavior of every model. Per-model incremental details are documented under each model's Sync Duration Parameter below.
How to obtain Microsoft Security Response Center credentials
Obtain the required credentials (url) from your Microsoft Security Response Center administrator or the Microsoft Security Response Center admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Product
| Source Field Name | SDM Attribute |
|---|---|
FullProductName.ProductID | UID |
FullProductName.ProductID, then the portion of FullProductName.Value before " on " | NAME |
FullProductName.Value | TITLE |
portion of FullProductName.Value after " on " | PLATFORM |
Update.ID | MENTIONED_BY |
Security Bulletin
| Source Field Name | SDM Attribute |
|---|---|
DocumentNotes note titled Release Notes (its Value) | DESCRIPTION |
DocumentPublisher.IssuingAuthority.Value | ISSUING_AUTHORITY |
Update.Alias | ALIAS |
Update.Alias (falls back to Update.ID), overridden by Update.DocumentTitle when present | NAME |
Update.CurrentReleaseDate | SOURCE_LAST_MODIFIED |
Update.ID | UID |
Update.InitialReleaseDate | PUBLISHED_DATE |
Security Update
| Source Field Name | SDM Attribute |
|---|---|
CVSSScoreSets.Vector (parsed by the CVSS utility) | CVSS metrics (CVSS_V2_, CVSS_V3_, CVSS_V4_*) |
MD5 of (Update.ID, ProductID, Vulnerability.CVE) | UID |
ProductID (from Vulnerability.ProductStatuses) | AFFECTED |
remediation Supercedence (split on ,) | SUPERSEDES |
remediation URL (rendered as an HTML link) | REFERENCES |
remediations of Type == 2 whose Description.Value is numeric (KB IDs) | ARTICLE |
| same parsed threat map, key DOS | DOS |
| same parsed threat map, key Exploited | EXPLOITABILITY |
| same parsed threat map, key Latest Software Release | LATEST_SOFTWARE_RELEASE |
| same parsed threat map, key Older Software Release | OLDER_SOFTWARE_RELEASE |
the UID, overridden by Vulnerability.Title.Value when present | NAME |
Threat where Type == 0 (Description.Value) | IMPACT |
| Threat where Type == 1, parsed key Publicly Disclosed | PUBLICLY_DISCLOSED |
| Threat where Type == 3 | SEVERITY |
Update.CurrentReleaseDate (falls back to now) | SOURCE_LAST_MODIFIED |
Update.ID | BULLETIN_ID |
Update.InitialReleaseDate (falls back to now) | PUBLISHED_DATE |
Update.InitialReleaseDate (falls back to now) | SOURCE_CREATED_DATE |
| Vulnerability note titled Description | DESCRIPTION |
| Vulnerability note titled FAQ | FAQ |
Vulnerability.CVE | CVE_IDS |
Vulnerability.CVE | CVE_RECORDS |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Product
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Product on every run and applies no incremental date filter.
API
- Type: REST — MSRC CVRF API (JSON)
Security Bulletin
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Security Bulletin on every run and applies no incremental date filter.
API
- Type: REST — MSRC CVRF API (JSON)
Security Update
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Security Update on every run and applies no incremental date filter.
API
- Type: REST — MSRC CVRF API (JSON)
Changelog
The Microsoft Security Response Center connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.5.9 | No changes in this release. | N/A |
| 3.5.8 | No changes in this release. | N/A |
| 3.5.7 | No changes in this release. | N/A |
| 3.5.6 | No changes in this release. | N/A |
| 3.5.5 | Bug Fixes - Corrected the Security Bulletin "Published date" / "Source last modified" and the Security Update "Published date" / "Source created date" / "Source last modified" attributes to be stored as proper timestamps (were stored as numbers), matching the connector schema. Improvements - Models now write attributes through the platform's shared, type-validating attribute helper instead of a connector-local helper, so values are validated against the declared schema type at write time. | • Security Bulletin / Security Update: the date attributes listed above changed from numbers to timestamps. Re-sync the MSRC connector to repopulate these records with the corrected type. |
| 3.5.4 | No changes in this release. | N/A |
| 3.5.3 | No changes in this release. | N/A |
| 3.5.2 | No changes in this release. | N/A |
| 3.5.1 | No changes in this release. | N/A |
| 3.5.0 | No changes in this release. | N/A |
| 3.4.32 | No changes in this release. | N/A |
| 3.4.31 | No changes in this release. | N/A |
| 3.4.30 | No changes in this release. | N/A |
| 3.4.29 | No changes in this release. | N/A |
| 3.4.28 | No changes in this release. | N/A |
| 3.4.27 | No changes in this release. | N/A |
| 3.4.26 | No changes in this release. | N/A |
| 3.4.25 | No changes in this release. | N/A |
| 3.4.24 | No changes in this release. | N/A |
| 3.4.23 | No changes in this release. | N/A |
| 3.4.22 | No changes in this release. | N/A |
| 3.4.21 | No changes in this release. | N/A |
| 3.4.20 | No changes in this release. | N/A |
| 3.4.19 | No changes in this release. | N/A |
| 3.4.18 | No changes in this release. | N/A |
| 3.4.17 | No changes in this release. | N/A |
| 3.4.16 | No changes in this release. | N/A |
| 3.4.15 | Dependency Upgrades - Updated the shared platform model library to the latest version. | N/A |
| 3.4.14 | No changes in this release. | N/A |
| 3.4.13 | No changes in this release. | N/A |
| 3.4.12 | No changes in this release. | N/A |
| 3.4.11 | No changes in this release. | N/A |
| 3.4.10 | No changes in this release. | N/A |
| 3.4.9 | No changes in this release. | N/A |
| 3.4.8 | No changes in this release. | N/A |
| 3.4.7 | No changes in this release. | N/A |
| 3.4.6 | No changes in this release. | N/A |
| 3.4.5 | No changes in this release. | N/A |
| 3.4.4 | No changes in this release. | N/A |
| 3.4.3 | No changes in this release. | N/A |
| 3.4.2 | No changes in this release. | N/A |
| 3.4.1 | No changes in this release. | N/A |
| 3.4.0 | Improvements - Security update dates that include a UTC offset (for example, timestamps ending in a "+00:00"-style zone) are now parsed correctly, improving the accuracy of release-date filtering and the stored bulletin and update dates. | N/A |
| 3.3.10 | No changes in this release. | N/A |
| 3.3.9 | No changes in this release. | N/A |
| 3.3.8 | No changes in this release. | N/A |
| 3.3.7 | No changes in this release. | N/A |
| 3.3.6 | No changes in this release. | N/A |
| 3.3.5 | No changes in this release. | N/A |
| 3.3.4 | No changes in this release. | N/A |
| 3.3.3 | No changes in this release. | N/A |
| 3.3.2 | No changes in this release. | N/A |
| 3.3.1 | No changes in this release. | N/A |
| 3.3.0 | No changes in this release. | N/A |
| 3.2.2 | No changes in this release. | N/A |
| 3.2.1 | No changes in this release. | N/A |
| 3.2.0 | No changes in this release. | N/A |
| 3.1.18 | Overview The Microsoft Security Response Center (MSRC) connector integrates with the Microsoft Security Update Guide to synchronize affected products, security bulletins, and security updates published by Microsoft. Category: Threat Intelligence Models | N/A |